firebase · colerogers · Apr 12, 2022 · Jan 31, 2022 · Feb 17, 2022 · Feb 21, 2022
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1 +1,6 @@
+- Fix URL with wrong host returned in storage resumable upload (#4374).
+- Fixes Firestore emulator transaction expiration and reused bug.
+- Fixes Firestore emulator deadlock bug. [#2452](https://github.com/firebase/firebase-tools/issues/2452)
+- Fixes console error on large uploads to Storage Emulator (#4407).
+- Fixes cross-platform incompatibility with Storage Emulator exports (#4411).
 - Adds a blocking trigger type (#4395).
diff --git a/src/deploy/functions/backend.ts b/src/deploy/functions/backend.ts
@@ -133,12 +133,8 @@ export interface TaskQueueTriggered {
 }
 
 export interface BlockingTrigger {
-  eventType:
-    | typeof events.v1.AUTH_BLOCKING_EVENTS[number]
-    | typeof events.v2.AUTH_BLOCKING_EVENTS[number];
-  accessToken?: boolean;
-  idToken?: boolean;
-  refreshToken?: boolean;
+  eventType: string;
+  options?: Record<string, any>;
 }
 
 export interface BlockingTriggered {
@@ -158,7 +154,7 @@ export function endpointTriggerType(endpoint: Endpoint): string {
   } else if (isTaskQueueTriggered(endpoint)) {
     return "taskQueue";
   } else if (isBlockingTriggered(endpoint)) {
-    return "blocking";
+    return endpoint.blockingTrigger.eventType;
   } else {
     throw new Error("Unexpected trigger type for endpoint " + JSON.stringify(endpoint));
   }

diff --git a/src/deploy/functions/prepare.ts b/src/deploy/functions/prepare.ts
@@ -21,6 +21,7 @@ import { ensureServiceAgentRoles } from "./checkIam";
 import { FirebaseError } from "../../error";
 import { normalizeAndValidate } from "../../functions/projectConfig";
 import { previews } from "../../previews";
+import { AUTH_BLOCKING_EVENTS } from "../../functions/events/v1";
 
 function hasUserConfig(config: Record<string, unknown>): boolean {
   // "firebase" key is always going to exist in runtime config.
@@ -275,26 +276,32 @@ function maybeCopyTriggerRegion(wantE: backend.Endpoint, haveE: backend.Endpoint
 
 /** Figures out the blocking endpoint options by taking the OR of every trigger option and reassigning that value back to the endpoint. */
 export function inferBlockingDetails(want: backend.Backend): void {
-  const blockingEndpoints = backend
+  const authBlockingEndpoints = backend
     .allEndpoints(want)
-    .filter((ep) => backend.isBlockingTriggered(ep)) as (backend.Endpoint &
-    backend.BlockingTriggered)[];
+    .filter(
+      (ep) =>
+        backend.isBlockingTriggered(ep) &&
+        AUTH_BLOCKING_EVENTS.includes(ep.blockingTrigger.eventType as any)
+    ) as (backend.Endpoint & backend.BlockingTriggered)[];
 
-  if (blockingEndpoints.length === 0) {
+  if (authBlockingEndpoints.length === 0) {
     return;
   }
 
   let accessToken = false;
   let idToken = false;
   let refreshToken = false;
-  for (const blockingEp of blockingEndpoints) {
-    accessToken ||= !!blockingEp.blockingTrigger.accessToken;
-    idToken ||= !!blockingEp.blockingTrigger.idToken;
-    refreshToken ||= !!blockingEp.blockingTrigger.refreshToken;
+  for (const blockingEp of authBlockingEndpoints) {
+    accessToken ||= !!blockingEp.blockingTrigger.options?.accessToken;
+    idToken ||= !!blockingEp.blockingTrigger.options?.idToken;
+    refreshToken ||= !!blockingEp.blockingTrigger.options?.refreshToken;
   }
-  for (const blockingEp of blockingEndpoints) {
-    blockingEp.blockingTrigger.accessToken = accessToken;
-    blockingEp.blockingTrigger.idToken = idToken;
-    blockingEp.blockingTrigger.refreshToken = refreshToken;
+  for (const blockingEp of authBlockingEndpoints) {
+    if (!blockingEp.blockingTrigger.options) {
+      blockingEp.blockingTrigger.options = {};
+    }
+    blockingEp.blockingTrigger.options.accessToken = accessToken;
+    blockingEp.blockingTrigger.options.idToken = idToken;
+    blockingEp.blockingTrigger.options.refreshToken = refreshToken;
   }
 }
diff --git a/src/deploy/functions/release/fabricator.ts b/src/deploy/functions/release/fabricator.ts
@@ -21,7 +21,8 @@ import * as reporter from "./reporter";
 import * as run from "../../../gcp/run";
 import * as scheduler from "../../../gcp/cloudscheduler";
 import * as utils from "../../../utils";
-import * as authBlocking from "../services/authBlocking";
+import * as services from "../services";
+import { AUTH_BLOCKING_EVENTS } from "../../../functions/events/v1";
 
 // TODO: Tune this for better performance.
 const gcfV1PollerOptions: Omit<poller.OperationPollerOptions, "operationResourceName"> = {
@@ -66,13 +67,15 @@ export class Fabricator {
   sourceUrl: string | undefined;
   storage: Record<string, gcfV2.StorageSource> | undefined;
   appEngineLocation: string;
+  triggerQueue: Promise<void>;
 
   constructor(args: FabricatorArgs) {
     this.executor = args.executor;
     this.functionExecutor = args.functionExecutor;
     this.sourceUrl = args.sourceUrl;
     this.storage = args.storage;
     this.appEngineLocation = args.appEngineLocation;
+    this.triggerQueue = Promise.resolve();
   }
 
   async applyPlan(plan: planner.DeploymentPlan): Promise<reporter.Summary> {
@@ -250,8 +253,11 @@ export class Fabricator {
           })
           .catch(rethrowAs(endpoint, "set invoker"));
       }
-    } else if (backend.isBlockingTriggered(endpoint)) {
-      // Blocking functions should always be public
+    } else if (
+      backend.isBlockingTriggered(endpoint) &&
+      AUTH_BLOCKING_EVENTS.includes(endpoint.blockingTrigger.eventType as any)
+    ) {
+      // Auth Blocking functions should always be public
       await this.executor
         .run(async () => {
           await gcf.setInvokerCreate(endpoint.project, backend.functionName(endpoint), ["public"]);
@@ -326,8 +332,11 @@ export class Fabricator {
           })
           .catch(rethrowAs(endpoint, "set invoker"));
       }
-    } else if (backend.isBlockingTriggered(endpoint)) {
-      // Blocking functions should always be public
+    } else if (
+      backend.isBlockingTriggered(endpoint) &&
+      AUTH_BLOCKING_EVENTS.includes(endpoint.blockingTrigger.eventType as any)
+    ) {
+      // Auth Blocking functions should always be public
       await this.executor
         .run(() => run.setInvokerCreate(endpoint.project, serviceName, ["public"]))
         .catch(rethrowAs(endpoint, "set invoker"));
@@ -368,7 +377,10 @@ export class Fabricator {
       invoker = endpoint.httpsTrigger.invoker;
     } else if (backend.isTaskQueueTriggered(endpoint)) {
       invoker = endpoint.taskQueueTrigger.invoker;
-    } else if (backend.isBlockingTriggered(endpoint)) {
+    } else if (
+      backend.isBlockingTriggered(endpoint) &&
+      AUTH_BLOCKING_EVENTS.includes(endpoint.blockingTrigger.eventType as any)
+    ) {
       invoker = ["public"];
     }
     if (invoker) {
@@ -411,7 +423,10 @@ export class Fabricator {
       invoker = endpoint.httpsTrigger.invoker;
     } else if (backend.isTaskQueueTriggered(endpoint)) {
       invoker = endpoint.taskQueueTrigger.invoker;
-    } else if (backend.isBlockingTriggered(endpoint)) {
+    } else if (
+      backend.isBlockingTriggered(endpoint) &&
+      AUTH_BLOCKING_EVENTS.includes(endpoint.blockingTrigger.eventType as any)
+    ) {
       invoker = ["public"];
     }
     if (invoker) {
@@ -545,9 +560,12 @@ export class Fabricator {
     endpoint: backend.Endpoint & backend.BlockingTriggered,
     update: boolean
   ): Promise<void> {
-    await this.executor
-      .run(() => authBlocking.registerTrigger(endpoint, update))
-      .catch(rethrowAs(endpoint, "register blocking trigger"));
+    this.triggerQueue = this.triggerQueue.then(async () => {
+      await this.executor
+        .run(() => services.serviceForEndpoint(endpoint).registerTrigger(endpoint, update))
+        .catch(rethrowAs(endpoint, "register blocking trigger"));
+    });
+    return this.triggerQueue;
   }
 
   async deleteScheduleV1(endpoint: backend.Endpoint & backend.ScheduleTriggered): Promise<void> {
@@ -580,9 +598,12 @@ export class Fabricator {
   async unregisterBlockingTrigger(
     endpoint: backend.Endpoint & backend.BlockingTriggered
   ): Promise<void> {
-    await this.executor
-      .run(() => authBlocking.unregisterTrigger(endpoint))
-      .catch(rethrowAs(endpoint, "unregister blocking trigger"));
+    this.triggerQueue = this.triggerQueue.then(async () => {
+      await this.executor
+        .run(() => services.serviceForEndpoint(endpoint).unregisterTrigger(endpoint))
+        .catch(rethrowAs(endpoint, "unregister blocking trigger"));
+    });
+    return this.triggerQueue;
   }
 
   logOpStart(op: string, endpoint: backend.Endpoint): void {

diff --git a/src/deploy/functions/release/planner.ts b/src/deploy/functions/release/planner.ts
@@ -236,7 +236,7 @@ export function checkForIllegalUpdate(want: backend.Endpoint, have: backend.Endp
     } else if (backend.isTaskQueueTriggered(e)) {
       return "a task queue";
     } else if (backend.isBlockingTriggered(e)) {
-      return "a blocking";
+      return e.blockingTrigger.eventType;
     }
     // Unfortunately TypeScript isn't like Scala and I can't prove to it
     // that all cases have been handled

diff --git a/src/deploy/functions/runtimes/discovery/v1alpha1.ts b/src/deploy/functions/runtimes/discovery/v1alpha1.ts
@@ -201,18 +201,9 @@ function parseEndpoints(
       requireKeys(prefix + ".blockingTrigger", ep.blockingTrigger, "eventType");
       assertKeyTypes(prefix + ".blockingTrigger", ep.blockingTrigger, {
         eventType: "string",
-        accessToken: "boolean",
-        idToken: "boolean",
-        refreshToken: "boolean",
+        options: "object",
       });
-      triggered = {
-        blockingTrigger: {
-          ...ep.blockingTrigger,
-          accessToken: !!ep.blockingTrigger.accessToken,
-          idToken: !!ep.blockingTrigger.idToken,
-          refreshToken: !!ep.blockingTrigger.refreshToken,
-        },
-      };
+      triggered = { blockingTrigger: ep.blockingTrigger };
     } else {
       throw new FirebaseError(
         `Do not recognize trigger type for endpoint ${id}. Try upgrading ` +

diff --git a/src/deploy/functions/runtimes/node/parseTriggers.ts b/src/deploy/functions/runtimes/node/parseTriggers.ts
@@ -11,10 +11,6 @@ import * as args from "../../args";
 import * as runtimes from "../../runtimes";
 import * as events from "../../../../functions/events";
 
-type BEFORE_CREATE = typeof events.v1.BEFORE_CREATE_EVENT | typeof events.v2.BEFORE_CREATE_EVENT;
-
-type BEFORE_SIGN_IN = typeof events.v1.BEFORE_SIGN_IN_EVENT | typeof events.v2.BEFORE_SIGN_IN_EVENT;
-
 const TRIGGER_PARSER = path.resolve(__dirname, "./triggerParser.js");
 
 export interface ScheduleRetryConfig {
@@ -74,9 +70,7 @@ export interface TriggerAnnotation {
   };
   blockingTrigger?: {
     eventType: string;
-    accessToken?: boolean;
-    idToken?: boolean;
-    refreshToken?: boolean;
+    options?: Record<string, any>;
   };
   failurePolicy?: {};
   schedule?: ScheduleAnnotation;
@@ -225,16 +219,16 @@ export function addResourcesToBackend(
       });
       triggered = { scheduleTrigger: annotation.schedule };
     } else if (annotation.blockingTrigger) {
-      want.requiredAPIs.push({
-        api: "identityplatform.googleapis.com",
-        reason: "Needed for auth blocking functions.",
-      });
+      if (events.v1.AUTH_BLOCKING_EVENTS.includes(annotation.blockingTrigger.eventType as any)) {
+        want.requiredAPIs.push({
+          api: "identitytoolkit.googleapis.com",
+          reason: "Needed for auth blocking functions.",
+        });
+      }
       triggered = {
         blockingTrigger: {
-          eventType: annotation.blockingTrigger.eventType as BEFORE_CREATE | BEFORE_SIGN_IN,
-          accessToken: !!annotation.blockingTrigger.accessToken,
-          idToken: !!annotation.blockingTrigger.idToken,
-          refreshToken: !!annotation.blockingTrigger.refreshToken,
+          eventType: annotation.blockingTrigger.eventType,
+          options: annotation.blockingTrigger.options,
         },
       };
     } else {

diff --git a/...deploy/functions/services/authBlocking.ts → src/deploy/functions/services/auth.ts b/...deploy/functions/services/authBlocking.ts → src/deploy/functions/services/auth.ts
@@ -2,15 +2,14 @@ import * as backend from "../backend";
 import * as identityPlatform from "../../../gcp/identityPlatform";
 import * as events from "../../../functions/events";
 import { FirebaseError } from "../../../error";
-
-const BEFORE_CREATE = events.v1.BEFORE_CREATE_EVENT || events.v2.BEFORE_CREATE_EVENT;
+import { cloneDeep } from "../../../utils";
 
 /**
  * Ensure that at most one blocking function of that type exists and merges identity platform options on our backend to deploy.
  * @param endpoint the Auth Blocking endpoint
  * @param wantBackend the backend we are deploying
  */
-export function validateAuthBlockingTrigger(
+export function validateBlockingTrigger(
   endpoint: backend.Endpoint & backend.BlockingTriggered,
   wantBackend: backend.Backend
 ): void {
@@ -58,14 +57,14 @@ function configChanged(
  * @param endpoint the blocking endpoint
  * @param update if this registration is an update
  */
-export async function registerTrigger(
+export async function registerBlockingTrigger(
   endpoint: backend.Endpoint & backend.BlockingTriggered,
   update: boolean
 ): Promise<void> {
   const newBlockingConfig = await identityPlatform.getBlockingFunctionsConfig(endpoint.project);
-  const oldBlockingConfig = { ...newBlockingConfig };
+  const oldBlockingConfig = cloneDeep(newBlockingConfig);
 
-  if (endpoint.blockingTrigger.eventType === BEFORE_CREATE) {
+  if (endpoint.blockingTrigger.eventType === events.v1.BEFORE_CREATE_EVENT) {
     newBlockingConfig.triggers = {
       ...newBlockingConfig.triggers,
       beforeCreate: {
@@ -83,9 +82,9 @@ export async function registerTrigger(
 
   if (!update) {
     newBlockingConfig.forwardInboundCredentials = {
-      idToken: endpoint.blockingTrigger.idToken || false,
-      accessToken: endpoint.blockingTrigger.accessToken || false,
-      refreshToken: endpoint.blockingTrigger.refreshToken || false,
+      idToken: endpoint.blockingTrigger.options?.idToken || false,
+      accessToken: endpoint.blockingTrigger.options?.accessToken || false,
+      refreshToken: endpoint.blockingTrigger.options?.refreshToken || false,
     };
   }
 
@@ -100,7 +99,7 @@ export async function registerTrigger(
  * Un-registers the auth blocking trigger from identity platform. If the endpoint uri is not on the resource, we do nothing.
  * @param endpoint the blocking endpoint
  */
-export async function unregisterTrigger(
+export async function unregisterBlockingTrigger(
   endpoint: backend.Endpoint & backend.BlockingTriggered
 ): Promise<void> {
   const blockingConfig = await identityPlatform.getBlockingFunctionsConfig(endpoint.project);
@@ -111,16 +110,14 @@ export async function unregisterTrigger(
     return;
   }
 
-  if (endpoint.blockingTrigger.eventType === BEFORE_CREATE) {
-    blockingConfig.triggers = {
-      ...blockingConfig.triggers,
-      beforeCreate: {},
-    };
-  } else {
-    blockingConfig.triggers = {
-      ...blockingConfig.triggers,
-      beforeSignIn: {},
-    };
+  // There is a possibility that the user changed the registration on identity platform,
+  // to prevent 400 errors on every create and/or sign in on the app, we will treat
+  // the blockingConfig as the source of truth and only delete matching uri's.
+  if (endpoint.uri === blockingConfig.triggers?.beforeCreate?.functionUri) {
+    delete blockingConfig.triggers?.beforeCreate;
+  }
+  if (endpoint.uri === blockingConfig.triggers?.beforeSignIn?.functionUri) {
+    delete blockingConfig.triggers?.beforeSignIn;
   }
 
   await identityPlatform.setBlockingFunctionsConfig(endpoint.project, blockingConfig);